| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 7 Feb 2022 10:50:40 +0000
From: Usama Arif <usama.arif@...edance.com>
To: io-uring@...r.kernel.org, axboe@...nel.dk, asml.silence@...il.com,
linux-kernel@...r.kernel.org
Cc: fam.zheng@...edance.com, lkp@...ts.01.org, lkp@...el.com,
Usama Arif <usama.arif@...edance.com>,
kernel test robot <oliver.sang@...el.com>
Subject: [PATCH] io_uring: unregister eventfd while holding lock when freeing ring ctx
This is because ctx->io_ev_fd is rcu_dereference_protected using
ctx->uring_lock in io_eventfd_unregister. Not locking the function
resulted in suspicious RCU usage reported by kernel test robot.
Reported-by: kernel test robot <oliver.sang@...el.com>
Signed-off-by: Usama Arif <usama.arif@...edance.com>
---
fs/io_uring.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/fs/io_uring.c b/fs/io_uring.c
index ad8f84376955..dbc9d3f3f6c5 100644
--- a/fs/io_uring.c
+++ b/fs/io_uring.c
@@ -9471,8 +9471,8 @@ static __cold void io_ring_ctx_free(struct io_ring_ctx *ctx)
__io_sqe_files_unregister(ctx);
if (ctx->rings)
__io_cqring_overflow_flush(ctx, true);
- mutex_unlock(&ctx->uring_lock);
io_eventfd_unregister(ctx);
+ mutex_unlock(&ctx->uring_lock);
io_destroy_buffers(ctx);
if (ctx->sq_creds)
put_cred(ctx->sq_creds);
--
2.25.1
Powered by blists - more mailing lists